.TH mfsexports.cfg "5" "November 2018" "MooseFS 3.0.103-1" "This is part of MooseFS"
.SH NAME
mfsexports.cfg \- MooseFS access control for \fBmfsmount\fPs
.SH DESCRIPTION
The file \fBmfsexports.cfg\fP contains MooseFS access list for \fBmfsmount\fP
clients.
.SH SYNTAX
.PP
Syntax is:
.TP
\fIADDRESS\fP \fIDIRECTORY\fP [\fIOPTIONS\fP]
.PP
Lines starting with \fB#\fP character are ignored as comments.
.PP
\fIADDRESS\fP can be specified in several forms:
.PP
.nf
.ta +2i
\fB*\fP	all addresses
\fBn.n.n.n\fP	single IP address
\fBn.n.n.n/b\fP	IP class specified by network address and number of significant bits
\fBn.n.n.n/m.m.m.m\fP	IP class specified by network address and mask
\fBf.f.f.f-t.t.t.t\fP	IP range specified by from-to addresses (inclusive)
.fi
.PP
\fIDIRECTORY\fP can be \fB/\fP or path relative to MooseFS root; special
value \fB.\fP means MFSMETA companion filesystem.
.PP
\fIOPTIONS\fP list:
.TP
.BR ro ", " readonly
export tree in read-only mode; this is default
.TP
.BR rw ", " readwrite
export tree in read-write mode
.TP
.B alldirs
allows to mount any subdirectory of specified directory (similarly to NFS)
.TP
.B dynamicip
allows reconnecting of already authenticated client from any IP address
(the default is to check IP address on reconnect)
.TP
.B ignoregid
disable testing of group access at \fBmfsmaster\fP level (it's still done
at \fBmfsmount\fP level) - in this case "group" and "other" permissions are
logically added; needed for supplementary groups to work (\fBmfsmaster\fP
receives only user primary group information)
.TP
.B admin
administrative privileges - currently: allow changing of quota values and storage classes management
.TP
\fBmaproot=\fP\fIUSER\fP[\fB:\fP\fIGROUP\fP]
maps root (uid=0) accesses to given user and group (similarly to maproot
option in NFS mounts); \fIUSER\fP and \fIGROUP\fP can be given either as
name or number; if no group is specified, \fIUSER\fP's primary group is
used. Names are resolved on \fBmfsmaster\fP side (see note below).
.TP
\fBmapall=\fP\fIUSER\fP[\fB:\fP\fIGROUP\fP]
like above but maps all non privileged users (uid!=0) accesses to given
user and group (see notes below).
.TP
\fBpassword=\fP\fIPASS\fP, \fBmd5pass=\fP\fIMD5\fP
requires password authentication in order to access specified resource
.TP
\fBminversion=\fP\fIVER\fP
rejects access from clients older than specified
.TP
\fBmingoal=\fP\fIN\fP, \fBmaxgoal=\fP\fIN\fP
specify range in which goal can be set by users
.TP
\fBmintrashtime=\fP\fITDUR\fP, \fBmaxtrashtime=\fP\fITDUR\fP
specify range in which trashtime can be set by users
.PP
Default options are: \fBro, maproot=999:999, mingoal=1, maxgoal=9, mintrashtime=0, maxtrashtime=4294967295\fP.
.SH NOTES
\fIUSER\fP and \fIGROUP\fP names (if not specified by explicit uid/gid
number) are resolved on \fBmfsmaster\fP host.
.PP
TDUR can be specified as number without time unit (number of seconds) or
combination of numbers with time units. Time units are:
\fBW\fP,\fBD\fP,\fBH\fP,\fBM\fP,\fBS\fP. Order is important - less
significant time units can't be defined before more significant time units.
Time units are case insensitive.
.PP
Option \fBmapall\fP works in MooseFS in different way than in NFS, because MooseFS is
using FUSE's "default_permissions" option. When \fBmapall\fP option is used, users
see all objects with uid equal to mapped uid as their own and all other as
root's objects. Similarly objects with gid equal to mapped gid are seen as
objects with current user's primary group and all other objects as objects
with group 0 (usually wheel). With \fBmapall\fP option set attribute cache
in kernel is always turned off.
.SH EXAMPLES
.nf
.ta +2i
\fB*                    /       ro\fP
\fB192.168.1.0/24       /       rw\fP
\fB192.168.1.0/24       /       rw,alldirs,maproot=0,password=passcode\fP
\fB10.0.0.0-10.0.0.5    /test   rw,maproot=nobody,password=test\fP
\fB10.1.0.0/255.255.0.0 /public rw,mapall=1000:1000\fP
\fB10.2.0.0/16          /       rw,alldirs,maproot=0,mintrashtime=2h30m,maxtrashtime=2w\fP
.fi
.SH "REPORTING BUGS"
Report bugs to <bugs@moosefs.com>.
.SH COPYRIGHT
Copyright (C) 2018 Jakub Kruszona-Zawadzki, Core Technology Sp. z o.o.

This file is part of MooseFS.

MooseFS is free software; you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
the Free Software Foundation, version 2 (only).

MooseFS is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
GNU General Public License for more details.

You should have received a copy of the GNU General Public License
along with MooseFS; if not, write to the Free Software
Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02111-1301, USA
or visit http://www.gnu.org/licenses/gpl-2.0.html
.SH "SEE ALSO"
.BR mfsmaster (8),
.BR mfsmaster.cfg (5)
